OSS returns HTTP 400 and ExternalRedirectForbidden when a redirection rule fires on a request that uses the bucket's public domain name or OSS-accelerated endpoints for anonymous or signed-URL access. Switch to a custom domain name to resolve it.
Why this happens
This error affects buckets created (or with transfer acceleration enabled) on or after 00:00:00 (UTC+8) on August 5, 2024. When a preset redirection rule (HTTP 3xx) is triggered on such a bucket, OSS blocks the redirect if the request came in through either of the following endpoint types:
| Endpoint type | Domain format | Redirect support |
|---|---|---|
| Public domain name | bucketname.oss-[region].aliyuncs.com | Blocked for anonymous and signed-URL access |
| OSS-accelerated endpoints | bucketname.oss-accelerate.aliyuncs.combucketname.oss-accelerate-overseas.aliyuncs.com | Blocked for anonymous and signed-URL access |
| Custom domain name | Your own domain bound to the bucket | Allowed |
Solution
Bind a custom domain name to your bucket and access objects through it. Custom domains support redirection rules without restriction.
For setup instructions, see Map a custom domain name to the default domain name of a bucket.